| 2411 | Credential stuffing in Bug bounty hunting |
Credential stuffing |
NA |
Valeriy Shevchenko (@Krevetk0Valeriy) |
Bug Bounty | 2021-07-14 | 2023-06-13 |
| 2410 | How I found Blind SQL Injection just by browsing and getting a unique URL |
SQL injection |
NA |
Jawad Mahdi (@hunter0x1) |
Bug Bounty | 2021-07-14 | 2023-06-13 |
| 2409 | Stored XSS in Google Doubleclick Studio [Google Research Grant] |
Stored XSS |
Google |
Jasminder Pal Singh (@Singh_Jasminder) |
Bug Bounty | 2021-07-14 | 2023-06-13 |
| 2408 | RFD Vulnerability And Content-Disposition Header Bypass Story! |
Reflected File Download |
NA |
Kabilan S (@kabilan1290) |
Bug Bounty | 2021-07-14 | 2023-06-13 |
| 2407 | How i was able to bypass Cloudflare for XSS! |
XSS |
NA |
hosein vita (@HoseinVita) |
Bug Bounty | 2021-07-16 | 2023-06-13 |
| 2406 | Logical Flaw Resulting Path Hijacking |
Namespace attack |
NA |
Veshraj Ghimire (@GhimireVeshraj) |
Bug Bounty | 2021-07-16 | 2023-06-13 |
| 2405 | Remote code execution in cdnjs of Cloudflare |
RCE
Path traversal |
Cloudflare |
RyotaK (@ryotkak) |
Bug Bounty | 2021-07-16 | 2023-06-13 |
| 2404 | IIS-Default-Page-to-Information-Disclosure |
Information disclosure |
NA |
0xdln (@0xdln) |
Bug Bounty | 2021-07-17 | 2023-06-13 |
| 2403 | RCE via WebDav - Power Of PUT |
Default credentials
RCE |
NA |
Jerry Shah (@Jerry) |
Bug Bounty | 2021-07-18 | 2023-06-13 |
| 2402 | Account Takeover + A Bonus Vulnerability |
Account takeover
Session fixation |
NA |
Vikash Maurya |
Bug Bounty | 2021-07-18 | 2023-06-13 |
| 2401 | Facebook Vulnerability: $1500 for Removing Document Cover |
Authorization flaw
IDOR |
Meta / Facebook |
Muhammad Sholikhin (@MuhammadLikhin) |
Bug Bounty | 2021-07-18 | 2023-06-13 |
| 2400 | How I Bypassed a tough WAF to steal user cookies using XSS! |
XSS
WAF bypass |
NA |
Asem Eleraky (@melotover) |
Bug Bounty | 2021-07-19 | 2023-06-13 |
| 2399 | Hacking Xiaomi%27S Android Apps - Part 1 |
Android
Information disclosure
Open redirect
Privacy issue |
Xiaomi |
Ameya (@iamTakeMyHand) |
Bug Bounty | 2021-07-19 | 2023-06-13 |
| 2398 | IBM HMC Exploit CVE-2021-29707 |
Local Privilege Escalation |
IBM |
Thomas Cope |
Bug Bounty | 2020-10-21 | 2023-06-13 |
| 2397 | How I was able Find mass leaked AWS s3 bucket from js File |
AWS misconfiguration |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2021-07-20 | 2023-06-13 |
| 2396 | XSS-Through-Fuzzing-Default-IIS |
Reflected XSS |
NA |
0xdln (@0xdln) |
Bug Bounty | 2021-07-20 | 2023-06-13 |
| 2395 | Guest Blog Post - Attacking the DevTools |
Browser hacking |
Microsoft |
David Erceg (@david_erceg) |
Bug Bounty | 2021-07-21 | 2023-06-13 |
| 2394 | Escalating Self-XSS To Stored XSS via Image injection + IDOR |
Self-XSS
Stored XSS
IDOR |
NA |
Demon (@R29k_) |
Bug Bounty | 2021-07-21 | 2023-06-13 |
| 2393 | Unauthenticated Access To MongoDB Database of Oracle Corporation |
Missing authentication
Exposed administrative interface |
Oracle |
Pratikkhalane (@KhalanePratik) |
Bug Bounty | 2021-07-22 | 2023-06-13 |
| 2392 | Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm |
Weak crypto |
NA |
Craig Hays (@craighays) |
Bug Bounty | 2021-07-22 | 2023-06-13 |
| 2391 | FragAttacks |
Wifi |
Internet Bug Bounty |
Mathy Vanhoef (@vanhoefm) |
Bug Bounty | 2021-07-23 | 2023-06-13 |
| 2390 | Story OF MY 3RD Bounty From Facebook |
Logic flaw |
NA |
Aashish Jung Kunwar (@WhoisAasis) |
Bug Bounty | 2021-07-23 | 2023-06-13 |
| 2389 | How I Found Multiple Bugs On FaceBook In 1 Month And a Part For My Methodology & Tools |
SSTI
SQL injection
Authentication bypass
Privilege escalation
Reflected XSS |
Meta / Facebook |
Orwa Atyat (@GodfatherOrwa) |
Bug Bounty | 2021-07-23 | 2023-06-13 |
| 2388 | eBay XSS demo and guide to spear phishing |
XSS |
Ebay |
MLT (@0dayWizard) |
Bug Bounty | 2021-07-25 | 2023-06-13 |
| 2387 | Not valid bug that leads to us a multiple Valid Report in Facebook |
Information disclosure |
Meta / Facebook |
Kent Jarold Abulag (@wkemenhehehegsg) |
Bug Bounty | 2021-07-25 | 2023-06-13 |
